The Tapplock One smart padlock has been getting attention this week for all the wrong reasons. The $84 smart lock, which opens via a fingerprint sensor and raised $330k on Indiegogo, has been hacked by both a security firm scanning for Bluetooth devices and a YouTube star with a suction cup.
Not great. Andrew Tierney from Pen Test Partners has written a blog post about how you can open the Tapplock in two seconds by "sniffing" Bluetooth Low Energy data from the Tapplock's feature for sharing access with friends and family, then using the key to open the lock. Tierney writes that it "requires no skill or knowledge" to hack the lock. (He also suggests the Ring Video Doorbell is susceptible to the same hack.)
Tapplock says it is pushing out a security firmware update to address the Bluetooth vulnerability, namechecking Pen Test Partners - we'll look out to see if Tierney or any other security experts are able to test out another lock once this has rolled out. We haven't tested the Tapplock here at The Ambient yet.
All this came after JerryRigEverything posted a YouTube video of how he was able to open the lock with a suction cup. It already has 1.5 million views, but it turns out Tapplock says his padlock was defective - specifically that a spring pin wasn't inserted correctly. Plus, CNET has tried out a bunch of suction cups and not been able to replicate the hack.
So Tapplock is dealing with both physical and digital issues. Still, it's not a good look, especially as, when Tierney alerted them, the Canadian startup replied that it was already aware of the issues but at that point didn't appear to have told any customers.
It's not good press for smart locks in general, either, as there are legitimate concerns about how secure they really are. Let us know in the comments below if you'd feel comfortable locking up valuables or your whole house with this or another smart lock.